340 matches found
Gogs Git Rebase Argument Injection RCE
This module exploits an argument injection vulnerability in the pull request merge flow of Gogs is parsed by Git as the --exec flag rather than a positional argument, causing sh -c to run after each replayed commit during the rebase. Two exploitation methods are supported: - ownrepo: The attacker...
Gogs Git Rebase Argument Injection / Remote Code Execution
This Metasploit module exploits an argument injection vulnerability in the pull request merge flow of Gogs versions less than or equal to 0.14.2 and less than or equal to 0.15.0+dev.
Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code
A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitrary code under certain conditions. The security flaw, per Rapid7, is rated 9.4 on the CVSS scoring system. It does not have a CVE...
gogs-rce
Gogs RCE — Argument Injection in git rebase CWE-88 Authen...
Authenticated RCE via Argument Injection in Gogs (NOT FIXED)
Overview Rapid7 Labs discovered a critical argument injection CWE-88 vulnerability in Gogs, a popular open-source self-hosted Git service. Rapid7 Labs scores this vulnerability as CVSSv4 9.4 Critical. The vulnerability allows any authenticated user to achieve remote code execution RCE on the serv...
Fedora 43 : rsync (2026-d4d8ae2bdc)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-d4d8ae2bdc advisory. Fixing various bugs from Upstream. I did not do a rebase since the Upstream stopped supporting the rsync-patches repo. I accepted this change in Rawhide but ...
Oracle Linux 8 : nginx:1.24 (ELSA-2026-6907)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-6907 advisory. - Resolves: RHEL-157877 CVE-2026-32647 nginx:1.24/nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files - Resolves:...
mysql:8.4 security update
mecab 0.996-3.4 - Bump version for package rebuild We are moving the 'mecab-devel' RPM from the 'buildroot' repo to the 'CRB' repo - Resolves: 2182069 0.996-3.3 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz1991688 0.996-3.2 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related:...
Oracle Linux 8 : nginx:1.24 (ELSA-2026-5581)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-5581 advisory. - Resolves: RHEL-146517 - nginx:1.24/nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections CVE-2026-1642 - Resolves: RHEL-12728 -...
SmartGraphical: A Human-In-The-Loop Framework for Detecting Smart Contract Logical Vulnerabilities Via Pattern-Driven Static Analysis and Visual Abstraction
Smart contracts are fundamental components of blockchain ecosystems; however, their security remains a critical concern due to inherent vulnerabilities. While existing detection methodologies are predominantly syntax-oriented, targeting reentrancy and arithmetic errors, they often overlook logica...
valkey security update
8.0.7-1 - Rebase to 8.0.7 for CVE-2026-21863 CVE-2025-67733...
nodejs:20 security update
nodejs 1:20.20.0-1 - Update to version 20.20.0 Resolves: RHEL-141917 nodejs-nodemon 3.0.1-1 - Rebase to 3.0.1 - Resolves: CVE-2022-25883 2.0.20-2 - Patch bundled glob-parent - Resolves: CVE-2021-35065 2.0.20-1 - Rebase to 2.0.20 Resolves: CVE-2022-3517 2.0.15-1 - Resolves: RHBZ2005419 - Resolves...
golang security update
1.25.7-1 - Rebase to latest rhel-10-main 170a5b7e084...
[SECURITY] Fedora 42 Update: rust-git-interactive-rebase-tool-2.4.1-15.fc42
Full-featured terminal-based sequence editor for Git interactive rebase...
[SECURITY] Fedora 43 Update: rust-git-interactive-rebase-tool-2.4.1-15.fc43
Full-featured terminal-based sequence editor for Git interactive rebase...
MiracleLinux 4 : libvirt-0.9.10-21.5.0.1.AXS4 (AXSA:2012-975:04)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-975:04 advisory. Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the...
libpq security update
13.23-1 - Rebase to upstream release 13.23 - Resolves: RHEL-131279 CVE-2025-12818...
mariadb:10.11 security update
galera mariadb 3:10.11.15-1 - Rebase to 10.11.15 - Resolves: RHBZ2417697 3:10.11.14-3 - Add installation of downstream sysusers.d config file in place of the upstream one 3:10.11.14-3 - Bump release for tmpfiles.d change 3:10.11.14-2 - Revert to soft static allocation of MariaDB and MySQL...
Oracle Linux 10 : valkey (ELSA-2025-21936)
The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-21936 advisory. - rebase to 8.0.6 for CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 CVE-2025-46819 - rebase to 8.0.4 for CVE-2025-27151 CVE-2025-48367 and...
Oracle Linux 9 : valkey (ELSA-2025-21916)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-21916 advisory. 8.0.6-2 - rebase to 8.0.6 for CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 CVE-2025-46819 Tenable has extracted the preceding description block direct...